Home / mailings [SECURITY] [DSA 2956-1] icinga security update
Posted on 11 June 2014
Debian Security Advisory-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2956-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
June 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : icinga
CVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878
CVE-2014-2386
Multiple security issues have been found in the Icinga host and network
monitoring system (buffer overflows, cross-site request forgery, off-by
ones) which could result in the execution of arbitrary code, denial of
service or session hijacking.
For the stable distribution (wheezy), these problems have been fixed in
version 1.7.1-7.
For the testing distribution (jessie), these problems have been fixed in
version 1.11.0-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.11.0-1.
We recommend that you upgrade your icinga packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
